Add option to check caps when querying a particular post status. fixes #6052

git-svn-id: http://svn.automattic.com/wordpress/trunk@7109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2008-02-29 21:49:49 +00:00
parent 37c69acd2d
commit 884be4169f
5 changed files with 37 additions and 8 deletions


@ -81,13 +81,15 @@ if ( is_single() ) {
<ul class="subsubsub"> <ul class="subsubsub">
<?php <?php
$status_links = array(); $status_links = array();
$num_posts = wp_count_posts('post'); $num_posts = wp_count_posts('post', 'readable');
foreach ( $post_stati as $status => $label ) { foreach ( $post_stati as $status => $label ) {
$class = ''; $class = '';
if ( !in_array($status, $avail_post_stati) ) if ( !in_array($status, $avail_post_stati) )
continue; continue;
if ( empty($num_posts->$status) )
continue;
if ( $status == $_GET['post_status'] ) if ( $status == $_GET['post_status'] )
$class = ' class="current"'; $class = ' class="current"';


@ -513,8 +513,10 @@ function wp_edit_posts_query( $q = false ) {
$avail_post_stati = get_available_post_statuses('post'); $avail_post_stati = get_available_post_statuses('post');
$post_status_q = ''; $post_status_q = '';
if ( isset($q['post_status']) && in_array( $q['post_status'], array_keys($post_stati) ) ) if ( isset($q['post_status']) && in_array( $q['post_status'], array_keys($post_stati) ) ) {
$post_status_q = '&post_status=' . $q['post_status']; $post_status_q = '&post_status=' . $q['post_status'];
$post_status_q .= '&perm=readable';
}
if ( 'pending' === $q['post_status'] ) { if ( 'pending' === $q['post_status'] ) {
$order = 'ASC'; $order = 'ASC';


@ -3,7 +3,7 @@
class WP { class WP {
var $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'debug', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots'); var $public_query_vars = array('m', 'p', 'posts', 'w', 'cat', 'withcomments', 'withoutcomments', 's', 'search', 'exact', 'sentence', 'debug', 'calendar', 'page', 'paged', 'more', 'tb', 'pb', 'author', 'order', 'orderby', 'year', 'monthnum', 'day', 'hour', 'minute', 'second', 'name', 'category_name', 'tag', 'feed', 'author_name', 'static', 'pagename', 'page_id', 'error', 'comments_popup', 'attachment', 'attachment_id', 'subpost', 'subpost_id', 'preview', 'robots');
var $private_query_vars = array('offset', 'posts_per_page', 'posts_per_archive_page', 'what_to_show', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type'); var $private_query_vars = array('offset', 'posts_per_page', 'posts_per_archive_page', 'what_to_show', 'showposts', 'nopaging', 'post_type', 'post_status', 'category__in', 'category__not_in', 'category__and', 'tag__in', 'tag__not_in', 'tag__and', 'tag_slug__in', 'tag_slug__and', 'tag_id', 'post_mime_type', 'perm');
var $extra_query_vars = array(); var $extra_query_vars = array();
var $query_vars; var $query_vars;
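Review bot: The `'perm'` entry appended to `$private_query_vars` is undocumented, although it switches capability filtering on and off. Its accepted values (`'readable'` and `'editable'`, per the WP_Query hunk in this commit) and the fact that leaving it unset applies no author or capability restriction to an explicit `post_status` query are not recorded anywhere in this section. I would add a comment above the array such as `// 'perm': unset = no capability filter; 'readable' / 'editable' restrict status queries by the current user's caps.` The class body continues outside the hunk.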


@ -822,10 +822,18 @@ function sanitize_post_field($field, $value, $post_id, $context) {
* @param string $type Post type * @param string $type Post type
* @return array Number of posts for each status * @return array Number of posts for each status
*/ */
function wp_count_posts( $type = 'post' ) { function wp_count_posts( $type = 'post', $perm = '' ) {
global $wpdb; global $wpdb;
$count = $wpdb->get_results( $wpdb->prepare( "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s GROUP BY post_status", $type ), ARRAY_A ); $user = wp_get_current_user();
$query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s";
if ( 'readable' == $perm && is_user_logged_in() ) {
if ( !current_user_can("read_private_{$type}s") )
$query .= " AND (post_status != 'private' OR ( post_author = '$user->ID' AND post_status = 'private' ))";
}
$query .= ' GROUP BY post_status';
$count = $wpdb->get_results( $wpdb->prepare( $query, $type ), ARRAY_A );
$stats = array( ); $stats = array( );
foreach( (array) $count as $row_num => $row ) { foreach( (array) $count as $row_num => $row ) {
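Review bot: In wp_count_posts() the private-post restriction is skipped whenever `is_user_logged_in()` is false, so a logged-out caller that passes `'readable'` receives counts that include every private post. Dropping that condition, `if ( 'readable' == $perm ) {`, would apply the author clause to anyone lacking the capability, assuming the anonymous user object carries ID 0. `$user->ID` is also interpolated into the string that is later passed to `$wpdb->prepare()` as the format; casting it, `post_author = " . (int) $user->ID . " AND post_status = 'private'`, keeps quote or `%` characters out of that format string. The docblock above still documents only `$type` and needs a `@param string $perm` line describing `'readable'`. The function body continues past the end of the hunk.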


@ -1213,6 +1213,7 @@ class WP_Query {
if ( isset($q['post_status']) && '' != $q['post_status'] ) { if ( isset($q['post_status']) && '' != $q['post_status'] ) {
$q_status = explode(',', $q['post_status']); $q_status = explode(',', $q['post_status']);
$r_status = array(); $r_status = array();
$p_status = array();
if ( in_array( 'draft' , $q_status ) ) if ( in_array( 'draft' , $q_status ) )
$r_status[] = "post_status = 'draft'"; $r_status[] = "post_status = 'draft'";
if ( in_array( 'pending', $q_status ) ) if ( in_array( 'pending', $q_status ) )
@ -1222,11 +1223,27 @@ class WP_Query {
if ( in_array( 'inherit' , $q_status ) ) if ( in_array( 'inherit' , $q_status ) )
$r_status[] = "post_status = 'inherit'"; $r_status[] = "post_status = 'inherit'";
if ( in_array( 'private', $q_status ) ) if ( in_array( 'private', $q_status ) )
$r_status[] = "post_status = 'private'"; $p_status[] = "post_status = 'private'";
if ( in_array( 'publish', $q_status ) ) if ( in_array( 'publish', $q_status ) )
$r_status[] = "post_status = 'publish'"; $r_status[] = "post_status = 'publish'";
if ( !empty($r_status) )
$where .= " AND (" . join( ' OR ', $r_status ) . ")"; if ( empty($q['perm'] ) || 'readable' != $q['perm'] ) {
$r_status = array_merge($r_status, $p_status);
unset($p_status);
}
if ( !empty($r_status) ) {
if ( !empty($q['perm'] ) && 'editable' == $q['perm'] && !current_user_can("edit_others_{$post_type}s") )
$where .= " AND (post_author = $user_ID " . "AND (" . join( ' OR ', $r_status ) . "))";
else
$where .= " AND (" . join( ' OR ', $r_status ) . ")";
}
if ( !empty($p_status) ) {
if ( !empty($q['perm'] ) && 'readable' == $q['perm'] && !current_user_can("read_private_{$post_type}s") )
$where .= " AND (post_author = $user_ID " . "AND (" . join( ' OR ', $p_status ) . "))";
else
$where .= " AND (" . join( ' OR ', $p_status ) . ")";
}
} elseif ( !$this->is_singular ) { } elseif ( !$this->is_singular ) {
$where .= " AND (post_status = 'publish'"; $where .= " AND (post_status = 'publish'";
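Review bot: In the second hunk the `$r_status` and `$p_status` groups are each appended with their own ` AND (...)`, so a `perm=readable` query for `publish,private` yields `(post_status = 'publish') AND (... post_status = 'private' ...)` and can match no row; the two groups need to be ORed inside a single parenthesis. `$user_ID` is interpolated bare into `post_author = $user_ID` and is assigned outside the hunk, so an `(int)` cast is what keeps the clause well-formed and numeric if it is ever empty. The filter is also opt-in: without `perm`, an explicit `post_status=private` is still returned unrestricted, which deserves a comment for callers. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: $r_status / $p_status collection and the perm != 'readable' merge …
$status_clauses = array();
if ( !empty($r_status) ) {
	if ( !empty($q['perm'] ) && 'editable' == $q['perm'] && !current_user_can("edit_others_{$post_type}s") )
		$status_clauses[] = "(post_author = " . (int) $user_ID . " AND (" . join( ' OR ', $r_status ) . "))";
	else
		$status_clauses[] = "(" . join( ' OR ', $r_status ) . ")";
}
if ( !empty($p_status) ) {
	if ( !empty($q['perm'] ) && 'readable' == $q['perm'] && !current_user_can("read_private_{$post_type}s") )
		$status_clauses[] = "(post_author = " . (int) $user_ID . " AND (" . join( ' OR ', $p_status ) . "))";
	else
		$status_clauses[] = "(" . join( ' OR ', $p_status ) . ")";
}
// One combined group: a row qualifies if it satisfies either status clause.
if ( !empty($status_clauses) )
	$where .= " AND (" . join( ' OR ', $status_clauses ) . ")";
```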